[Git][security-tracker-team/security-tracker][master] openjdk-17,cinder,nova,glance DSAs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ddfadbc4 by Moritz Mühlenhoff at 2023-02-01T19:23:47+01:00
openjdk-17,cinder,nova,glance DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -36094,7 +36094,6 @@ CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 	- openjdk-11 11.0.17+8-1
 	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 	- openjdk-17 17.0.5+8-1
-	[bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
 CVE-2022-39398 (tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2 ...)
 	NOT-FOR-US: GLPI plugin
 CVE-2022-39397 (aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of thi ...)
@@ -95440,7 +95439,6 @@ CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 	- openjdk-11 11.0.17+8-1
 	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 	- openjdk-17 17.0.5+8-1
-	[bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
 CVE-2022-21627 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
 	- virtualbox 6.1.40-dfsg-1
 	NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
@@ -95457,7 +95455,6 @@ CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 	- openjdk-11 11.0.17+8-1
 	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 	- openjdk-17 17.0.5+8-1
-	[bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
 CVE-2022-21623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
 	NOT-FOR-US: Oracle
 CVE-2022-21622 (Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middlew ...)
@@ -95474,10 +95471,8 @@ CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
 	- openjdk-11 11.0.17+8-1
 	[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
 	- openjdk-17 17.0.5+8-1
-	[bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
 CVE-2022-21618 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
 	- openjdk-17 17.0.5+8-1
-	[bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
 CVE-2022-21617 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.31-1 (bug #1024016)
 CVE-2022-21616 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,15 @@
+[01 Feb 2023] DSA-5338-1 cinder - security update
+	{CVE-2022-47951}
+	[bullseye] - cinder 2:17.0.1-1+deb11u1
+[01 Feb 2023] DSA-5337-1 nova - security update
+	{CVE-2022-47951}
+	[bullseye] - nova 2:22.0.1-2+deb11u1
+[01 Feb 2023] DSA-5336-1 glance - security update
+	{CVE-2022-47951}
+	[bullseye] - glance 2:21.0.0-2+deb11u1
+[01 Feb 2023] DSA-5335-1 openjdk-17 - security update
+	{CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843}
+	[bullseye] - openjdk-17 17.0.6+10-1~deb11u1
 [29 Jan 2023] DSA-5334-1 varnish - security update
 	{CVE-2022-45060}
 	[bullseye] - varnish 6.5.1-1+deb11u3


=====================================
data/dsa-needed.txt
=====================================
@@ -11,13 +11,9 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source package.
 
---
-cinder (jmm)
 --
 frr
 --
-glance (jmm)
---
 jupyter-core
   Maintainer asked for availability to prepare updates
 --
@@ -32,13 +28,9 @@ linux (carnil)
 netatalk
   open regression with MacOS, tentative patch not yet merged upstream
 --
-nova (jmm)
---
 multipath-tools
   Tobias Frost proposed a potential update to be reviewed, maintainer asked to review changes
 --
-openjdk-17 (jmm)
---
 php-cas
 --
 php-horde-mime-viewer



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddfadbc4d1151cea776fa042f10f8e02f9d429ea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddfadbc4d1151cea776fa042f10f8e02f9d429ea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230201/f7d0ca24/attachment-0001.htm>